A year on from Europe’s flagship update to the pan-EU data protection framework the Commission has warned that too many privacy policies are still too hard to read and has urged tech companies to declutter and clarify their T&Cs.
Stay safe and download Skriply today.
Announcing the result of a survey of the attitudes of 27,000 Europeans vis-a-vis data protection, the Commission said a large majority (73%) of EU citizens have heard of at least one of the six tested rights guaranteed by the General Data Protection Regulation (GDPR), which came into force at the end of May last year. But only a minority (30%) are aware of all their rights under the framework.
The Commission said it will launch a campaign to boost awareness of privacy rights and encourage EU citizens to optimise their privacy settings — “so that they only share the data they are willing to share”.
In instances of consent-based data processing, the GDPR guaranteed rights include the right to access personal data and get a copy of it without charge; the right to request rectification of incomplete or inaccurate personal data; the right to have data deleted; the right to restrict processing; and the right to data portability.
Stay safe and download Skriply Today
The highest levels of awareness recorded by the survey was for the right to access their own data (65%); the right to correct the data if they are wrong (61%); the right to object to receiving direct marketing (59%) and the right to have their own data deleted (57%).
Commenting in a statement, Andrus Ansip, VP for the Digital Single Market, said: “European citizens have become more aware of their digital rights and this is encouraging news. However, only three in ten Europeans have heard of all their new data rights. For companies, their customers’ trust is hard currency and this trust starts with the customers’ understanding of, and confidence in, privacy settings. Being aware is a precondition to being able to exercise your rights. Both sides can only win from clearer and simpler application of data protection rules.”
“Helping Europeans regain control over their personal data is one of our biggest priorities,” added Věra Jourová, commissioner for justice, consumers and gender equality, in another supporting statement. “But, of the 60% Europeans who read their privacy statements, only 13% read them fully. This is because the statements are too long or too difficult to understand. I once again urge all online companies to provide privacy statements that are concise, transparent and easily understandable by all users. I also encourage all Europeans to use their data protection rights and to optimise their privacy settings.”
Speaking at a Commission Event to mark the one-year anniversary of the GDPR, Jourova couched the regulation as “growing fast” and “doing well” but said it needs continued nurturing to deliver on its promise — warning against fragmentation, or so-called ‘gold-plating’, by national agencies adding additional conditions or taking an expansive interpretation of the rules.
She also said “strong and coherent” enforcement is essential — but claimed fears that national watchdogs will become “sanctioning machines have not materialised”.
Though she made a point of emphasizing that: “National data protection authorities are the key for #GDPR success.”
And it’s fair to day that enforcement remains a rare sight one year on from the regulation being applied — certainly in complaints attached to tech giants (Google is an exception) — which has fuelled a narrative in some media outlets that tries to brand the entire update a failure. But it was never likely data watchdogs would rush to judgement on a sharply increased workload at the same time as they were bedding into a new way of working for cross-border complaints, under GDPR’s one-stop-shop mechanism.